After creating an Oracle database, the DBA must change the password and ____________ the database account.

____________ is a command-line interface for a Microsoft SQL Server that allows an attacker to execute commands on the underlying operating system, execute SQL queries, and upload files to a remote server.

____________ is an area created to protect internal computer networks from the Internet by placing servers that are providing web services between two firewalls—one between the web server and the internal network, and one between the web server and the Internet.

SQL injection attacks can cause buffer overflows in a database by exploiting ____________.

New Oracle databases are created using the ____________ command.

An attacker can retrieve data by using ____________ messages produced by the SQL Server.

This is a validation control mechanism that is used to check for SQL-specific metacharacters like single quotation marks or double dashes.

____________ is a common form of SQL injection in which the attacker uses SQL injection techniques to evade logon forms.

This feature of Microsoft SQL Server, vulnerable to buffer overflow attacks, allows an attacker to run arbitrary code by using a specially crafted request to UDP port 1434.

In Oracle, ____________ access control limits privileges to minimum-required operations and data.

You have been hired to perform a web application security test. The website that you are testing uses dynamic content that connects to a back-end database. If you wanted to test for SQL injection, what is the first character you should use to test for input vulnerabilities?

What mechanism does MySQL use to prevent SQL injection attacks?

To help prevent SQL injection attacks, all ____________ should be validated before being transmitted to the server.

When searching for URLs that allow submission of data to a back-end database, the attacker looks for HTML pages that use ____________ methods to submit data to the database.

Attackers can use a website's ____________ to attack an SQL Server if the developers store SQL Server authentication information in ASP scripts.

____________ is an Oracle-built user that holds information about the stored outlines.

The Voyager Beta Worm uses default accounts and passwords to attack Oracle servers. First, the worm will attempt to establish a connection to the port where Oracle listens. If Oracle is listening, the Voyager Beta Worm will connect to port ____________.

Which of the following tools is used in blind SQL injection testing?

Which of the following are recommended best practices for defending against SQL injection attacks? (Select all that apply.)

 

Once an Oracle database server has been traced, the first port of call is made to the ____________ listener.

CMIT312 - Week 5